Metasploit for Beginners电子书

Title Page

Copyright

Metasploit for Beginners

Credits

About the Author

About the Reviewer

www.PacktPub.com

Why subscribe?

Customer Feedback

Preface

What this book covers

What you need for this book

Who this book is for

Conventions

Reader feedback

Customer support

Errata

Piracy

Questions

Introduction to Metasploit and Supporting Tools

The importance of penetration testing

Vulnerability assessment versus penetration testing

The need for a penetration testing framework

Introduction to Metasploit

When to use Metasploit?

Making Metasploit effective and powerful using supplementary tools

Nessus

NMAP

w3af

Armitage

Summary

Exercises

Setting up Your Environment

Using the Kali Linux virtual machine - the easiest way

Installing Metasploit on Windows

Installing Metasploit on Linux

Setting up exploitable targets in a virtual environment

Summary

Exercises

Metasploit Components and Environment Configuration

Anatomy and structure of Metasploit

Metasploit components

Auxiliaries

Exploits

Encoders

Payloads

Post

Playing around with msfconsole

Variables in Metasploit

Updating the Metasploit Framework

Summary

Exercises

Information Gathering with Metasploit

Information gathering and enumeration

Transmission Control Protocol

User Datagram Protocol

File Transfer Protocol

Server Message Block

Hypertext Transfer Protocol

Simple Mail Transfer Protocol

Secure Shell

Domain Name System

Remote Desktop Protocol

Password sniffing

Advanced search with shodan

Summary

Exercises

Vulnerability Hunting with Metasploit

Managing the database

Work spaces

Importing scans

Backing up the database

NMAP

NMAP scanning approach

Nessus

Scanning using Nessus from msfconsole

Vulnerability detection with Metasploit auxiliaries

Auto exploitation with db_autopwn

Post exploitation

What is meterpreter?

Searching for content

Screen capture

Keystroke logging

Dumping the hashes and cracking with JTR

Shell command

Privilege escalation

Summary

Exercises

Client-side Attacks with Metasploit

Need of client-side attacks

What are client-side attacks?

What is a Shellcode?

What is a reverse shell?

What is a bind shell?

What is an encoder?

The msfvenom utility

Generating a payload with msfvenom

Social Engineering with Metasploit

Generating malicious PDF

Creating infectious media drives

Browser Autopwn

Summary

Exercises

Web Application Scanning with Metasploit

Setting up a vulnerable application

Web application scanning using WMAP

Metasploit Auxiliaries for Web Application enumeration and scanning

Summary

Exercises

Antivirus Evasion and Anti-Forensics

Using encoders to avoid AV detection

Using packagers and encrypters

What is a sandbox?

Anti-forensics

Timestomp

clearev

Summary

Exercises

Cyber Attack Management with Armitage

What is Armitage?

Starting the Armitage console

Scanning and enumeration

Find and launch attacks

Summary

Exercises

Extending Metasploit and Exploit Development

Exploit development concepts

What is a buffer overflow?

What are fuzzers?

Exploit templates and mixins

What are Metasploit mixins?

Adding external exploits to Metasploit

Summary

Exercises